opendev/system-config
Code Issues Proposed changes

Add warning about kerberos key rotation

Browse Source 
Change-Id: I9e4caf8feeb775c02208a5e5f1627f03a90e4211
This commit is contained in:
James E. Blair 2020-01-31 16:22:52 -08:00
parent f62a75fae9
commit cfc1841c06
2 changed files with 6 additions and 0 deletions

3
doc/source/afs.rst

@ -411,6 +411,9 @@ read-write volumes.
kadmin: addprinc -randkey service/foo-mirror@OPENSTACK.ORG kadmin: addprinc -randkey service/foo-mirror@OPENSTACK.ORG
kadmin: ktadd -k /path/to/foo.keytab service/foo-mirror@OPENSTACK.ORG kadmin: ktadd -k /path/to/foo.keytab service/foo-mirror@OPENSTACK.ORG
.. warning:: Each time ``ktadd`` is run, the key is rotated and
previous keytabs are invalidated.
* Add the service principal's keytab to Ansible secrets. Copy the * Add the service principal's keytab to Ansible secrets. Copy the
binary key to ``bridge.openstack.org`` and then use ``hieraedit`` to binary key to ``bridge.openstack.org`` and then use ``hieraedit`` to
update the files update the files

3
doc/source/kerberos.rst

@ -102,6 +102,9 @@ Then save the principal's keytab::
kadmin: ktadd -k /path/to/$NAME.keytab service/$NAME@OPENSTACK.ORG kadmin: ktadd -k /path/to/$NAME.keytab service/$NAME@OPENSTACK.ORG
.. warning:: Each time ``ktadd`` is run, the key is rotated and
previous keytabs are invalidated.
Resetting A User Principal's Password Resetting A User Principal's Password
------------------------------------- -------------------------------------